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Abstract 

We present algorithms that are deterministic primality tests for a large family of integers, namely, 
integers n = 1 (mod 4) for which an integer a is given such that the Jacobi symbol (^) = —1, and 
integers n = — 1 (mod 4) for which an integer a is given such that (^) = (bj 2 ) = — 1. The algorithms 
we present run in 2“ mm ( fc ’[ 21 °s lo s n b(5(logn) 6 time, where k = v 2 (n — 1) is the exact power of 2 dividing 
n — 1 when n = 1 (mod 4) and k = v 2 (n + 1) if n = —1 (mod 4). The complexity of our algorithms 
improves up to O(logn) 4 when k > [2 log log n]. We also give tests for more general family of numbers 
and study their complexity. 


1 Introduction 

On August, 2002, Manindra Agrawal, Neeraj Kayal and Nitin Saxena published an important paper titled 
Primes is in P [3]. They produced an algorithm, now called the AKS algorithm, that determines whether a 
given number n is prime or composite and that runs in polynomial time. This remarkable achievement gives 
a positive answer to the most important question in the general theory of primality testing. In fact, they 
prove that the AKS algorithm runs in 0((logn) 12 ) time, where 0(f(x )) denotes 0(f (x)poly(log f (x)). 

In this paper we present algorithms that run faster than the AKS algorithm and are deterministic primal¬ 
ity tests for a large family of integers, namely integers n = 1 (mod 4) for which an integer a is given such 
that the Jacobi symbol (^) = —1, and integers n = — 1 (mod 4) for which an integer a is given such that 
(~) = (bp) = — 1- The algorithms we present run in 2 _min FJ 21o s lo g n ])o(logn) 6 time, where k = v 2 (n — 1) 
is the exact power of 2 dividing n — 1 when n = 1 (mod 4), and k = ^(n + 1) if n = —1 (mod 4). In 
particular, the running time of our algorithms improves up to O(logn) 4 if the value of k > [2 log log n]. If 
n is a large enough prime, then we show that our algorithm for the case n = 1 (mod 4) runs, in the worst 
case when k = 2, at least 2 11 times faster than the best possible running time for the AKS algorithm. This 
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advantage in running time increases with the value of k. For the case n = — 1 (mod 4) we get the same 
result using 2 9 instead of 2 11 . 

The first major breakthrough in the general theory of Primality Testing was achieved by Adleman, 
Pomerance and Rumely in 1983 [4], who gave a deterministic primality test running in (logn) 0 ( logloglos ™) 
time. This algorithm was later improved and implemented by Cohen and Lenstra [8]. It is known in the 
literature as the APRCL algorithm. In [3] the authors present a brief summary of the main contributions to 
this general theory prior to AKS. They describe the contributions of Goldwasser and Kilian [10], of Atkin 
[1], and of Adleman an Huang [2]. 

The theory of primality testing for restricted families of numbers had an earlier start. The first and most 
famous “modern” algorithm is the Lucas-Lehmer Test [12]. It is an algorithm that runs in 0((log?i) 2 ) time 
to determine whether a Mersenne number (a number of the form 2 P — 1, p prime) is prime or composite. 
Proth [13] enlarged the family of numbers for which a primality test that runs in 0((log?i) 2 ) exists. The 
Proth Test applies to all numbers n such that ^(n — 1) > (1/2) log n (by logn we always mean log to the 
base 2) provided an integer a is given for which the Jacobi Symbol (—) = —1. Usually such an integer a can 
easily be found using the quadratic reciprocity law; thus, the Proth test becomes deterministic for a large 
proportion of, though not all the numbers n satisfying ^(n — 1) > (l/2)log?r. Later, the Lucas-Lehmer 
Test was also extended to all numbers n = — 1 (mod 4), such that V 2 (n + 1) > (1/2) log n for which an 
integer a is given such that (-) = (1^2) = —1. In a series of papers starting around 1970, Hugh Williams 
and collaborators extended these tests to numbers satisfying v p (n ± 1) > (1/2) logn, where p is a prime, 
provided there is a prime q, q = 1 (mod p), such that n is not a p- th power modulo q , and gave many 
concrete implementations and tables of primes. Further extensions of Williams results can be found in [7]. 
The book of Williams [15] is a good source for studying many of these results and the history of this subject. 

Our paper links the two approaches described above: the general approach and the one for restricted 
families of numbers. We still need an integer a satisfying the Jacobi Symbol condition, but we no longer 
impose any condition on i >2 (n — 1) or on 1 / 2(71 + 1). Thus the tests can be implemented for a set of numbers 
of density arbitrarily near 1. The link is also evidenced by the fact that the complexity of the tests we give 
decreases as the value of k increases. 

As mentioned before, the authors of [3] were able to prove that the AKS algorithm runs in 0((logn) 12 ) 
time, but they believe (and have strong evidence to support this belief), that it actually runs in 0((log?i) 6 ) 
time. In fact they prove that this would be the case if a widely believed conjecture on the density of the 
Sophie-Germain primes is true. The main step of their algorithm (the step that determines the complexity) 
consists in verifying that 

(m + x) n = m + x n (mod n, x r — 1) 
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for to = 1 to ‘Isfr logn where r is a prime with specific properties (r — 1 has a prime divisor q > 4^/rlogn 
which divides the order of n modulo r). They prove such prime r exists in the interval (64(logn) 2 , c(log?r) 6 ) 
for some constant c. They are able to prove that r < c(log?i) 6 by making clever use of a result in analytic 
number theory on the density of primes. But they believe that such r is actually of size O(logrc) 2 (and prove 
this under the assumption of the Sophie Germain prime density conjecture mentioned above). The lower 
bound on r implies that the AKS algorithm runs in at least 0((logn) 6 ) when n is a prime. The upper bound 
implies that it runs in at most 0((log?i) 12 ). According to Bernstein [5] Lenstra was able to prove that in 
fact such r is O(logn) 4 ), hence proved that the complexity of AKS is at most 0((log?r) 8 ). He also showed 
that r need not be a prime, but that could be any number such that n is a primitive root modulo r. 

In the case n = 1 (mod 4), and assuming an integer a is given such that (-) = —1 the two key 
observations in our paper are: 

1 . It is enough to verify 

(1 + mx) n = 1 + mx n (mod n, x 2 — a) 

where s = [2 log logn] (hence 2 s < (logn) 2 )). Since 2 s is smaller than r (in fact is it at least 64 times 
smaller than r) then each of these verifications for different values of m are faster than the verification 
of the analogous step in the AKS algorithm. 

2. These verifications only have to be done for 2 max ( s-fc >°l different values of m, where k = ^(n — 1). We 
will see this in detail within the proof of Theorem 3.1 and 4.1, but we point out here the crucial fact, 
namely, that some of the conjugates of the monomial 1 + mx 11 in the corresponding finite field are also 
monomials satisfying the same congruence. So, each iteration of our test produces 2 mlr A s,fc ) different 
monomials satisfying the congruence. 

These two facts together allow us to give a more efficient primality test for those numbers and such that its 
efficiency improves with the value of k up to a certain limit ([2 log log n \). For numbers n = — 1 (mod 4) 
we were able to obtain similar results. 

In Section 2 we define the notation and give some elementary but necessary results on the theory of 
finite fields. In Section 3 we present the algorithm for the case n = 1 (mod 4), we prove the validity of 
the algorithm and study its complexity. In Section 4 we do the same for the case n = — 1 (mod 4). In 
this case our algorithm runs around 4 times slower than the one given in the previous section, when applied 
to prime numbers n of essentially the same size. In Section 5 we weaken the hypothesis given in the two 
previous sections and present a test for this larger family of numbers and some applications. In Section 6 
we compare our algorithms with the AKS algorithm (when such comparison is valid), and we indicate some 
possible paths for future investigations. We include an explicit plausible conjecture. 
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This paper is modelled after [3]. The structure is very similar. The results on the theory of finite fields 
required can be found in many basic textbooks on finite fields or number theory, for example [11]. 

2 Preliminaries and Notation 

Throughout the section p denotes an odd prime number. Let a be an integer coprime with p. The Legendre 
symbol (^) is defined by the formula 

/ a \ j 1 : if there is an integer x such that x 2 = 1 ( mod p) 

\pj [ — 1 : otherwise . 

This symbol has the following properties: 

1. If ab is coprime with p then (y) = (|)(^). 

2 . (|) = ott 1 (mod p). 

The Legendre symbol can be extended multiplicatively to the Jacobi symbol replacing p by an odd number 
m. That is, if to = pi-.-Pk and (a,m) = 1 then (y) = (y)....(y). The Jacobi symbol also satisfies property 
(1) of the Legendre symbol above. Most important, it satisfies the well-known quadratic reciprocity law 
which we now state. 

Let to, n be odd and coprime numbers. Then, 

1- (^) = (-l)^ 

2- 0 = (-l)^- 

3 - (f) = (^)(-l)^^- 

The proof of the quadratic reciprocity law can be found in most text books in number theory. As a 
reference we give [Hi- 

Let F p denote the finite field with p elements. For the sake of readability we recall some basic facts about 
the theory of finite fields that we shall employ below. These facts can also be found in many text books in 
the subject. We give [14] as a reference. 

Proposition 2.1 Let K and E be finite fields containing F p . Let q = \K\ and suppose K C E. Then, 

1. E has q d elements for some positive integer d. 

2. E is vector space of dimension d over K (d = [E : K]). 

3. E is isomorphic to K[x\/h{x) polynomial h{x) £ K[x\ of degree d irreducible over K. 
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4- Let C an algebraic closure of F p containing E. Then E is the unique subfield of C of dimension d over 
K. It is the smallest subfield of C containing a root 9 of h(x). 

E = K(0) = {f(0)\f(x) G K[x], degree f(x) < d}. 

5. The multiplicative group E* of K is cyclic of order q d — 1. 

6. The Galois group G = GalfiE/K), that is, the group of automorphism of E over K, is cyclic of order 
d. It is generated by the Frobenius automorphism a q defined by cr q (a) = a q for all a G E. 

7. [E : F p ] = [E : K][K : F p ]. 

Now let K be a finite extension of F p with q = \K\. Let K * be the multiplicative group and g a generator 
of K*. 

Lemma 2.1 For an element a of K, the following are equivalent 

1. x 2 — cr is irreducible over K for every odd integer l. 

2. x 2 — a is irreducible over K. 

3. a = < 7 4 for some odd integer t. 

4 - 01 2 = — 1 . 

Proof 

(1) => (2) is trivial. Now let us prove (2) => (3). Since g is a generator, then a = g f for some t. If t = 2 m 
then x 2 — a = x 2 — g 2m = (x — g m )(x + g m ) is reducible. (3) => (4) is obtained by noticing that g^~ = —1 
since g is a generator. Hence, a 3 ^* = (—1)* = —1. Finally, to show (4) => (1) suppose x 2 — a is reducible. 
Then, there is /3 G K such that (3 2 = a. So a= 1 which contradicts the assumption. □ 

Lemma 2.2 Let q = \K\. Assume q = 1 (mod 4). If x 2 — a is irreducible over K and 9 is a root of x 2 — a, 
then x 2 — 9 is irreducible over K(9). 

Proof 

q2 —1 

Note that \K(9)\ = q 2 . By Lemma 2.1 it is enough to prove that 9~~ = — 1 . Note that since q = 1 
(mod 4) then = t is odd. Also, since x 2 — a is irreducible over K, then a 3 " 2- = —1. Hence, 

q2 — 1 0 < 2+1 q~ 1 j. 

9^~ =({0 2 ) — )— = (-l)*=-l. 

□ 

Corollary 2.1 If \K\ = q = 1 (mod 4) and a G K is such that a 3 ^~ = — 1, then the polynomial x 2 — a is 
irreducible over I\ for all s > 1 . 
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Proof 

Proceed inductively on s. Use Lemma 2.2 and part 7 of Proposition 2.1 □ 

We can now establish the following proposition 
Proposition 2.2 1. If p = 1 (mod 4 ) and (|) = — 1, then x 2 “ — a is irreducible over F p . 

2. If p = 3 (mod 4) and (|) = (-^) = — l, then x T — 2x 2 ‘ 1 + a is irreducible over F p . 

Proof 

The assertion (1) is a particular case of the Corollary 2.1 since (|) = = —1 (mod p). In order to 

prove (2) let 9\ = 1 + y/1 — a. Since (-^) = — 1 then F p (9 1 ) has degree 2 over F p . Hence it has p 2 = q 
elements, so q = 1 (mod 4). Moreover, 

of^ = {9{ +1 ) P -^ = ((1 + V / T _ a)(l - VI —))^ =a P -^ = -1. 

Corollary 2.1 implies that x 2 — Q\ is irreducible over F p (6\). A root 9 of this polynomial satisfies, 

(x 2 — 9i)(x 2 — 9\) = x 2 — 2x 2 +a 

which belongs to P p [x]. By part 7 of Proposition 2.1 it must be irreducible over F p . □ 

3 Algorithm for the case n = 1 (mod 4) 

Throughout this section we assume that n = 1 (mod 4). Let k = V 2 (n — 1). So k > 2. Let a be an integer 
such that (-) = —1. Note for example that if n = h 2 k + 1 and h V 0 (mod 3) then n is either a multiple of 
3 or (-) = —1. This is easily deduced from the quadratic reciprocity law. It follows that the algorithm that 
we will present in this section is deterministic for numbers of that form. Finally let s = [2 log log n]. Note 
that (logn) 2 < 2 s < 2(logn) 2 . We now describe the proposed Algorithm. 

Algorithm 1 

Input n, a: n = 1 (mod 4), (-) = —1. 

Let k = 1/2 (n — 1), s = [2 log logn]. 

1. Verify properties of the Legendre Symbol and Proth’s Theorem. 

re — 1 £ _ i 

(a) Let A = a^~. If A~ ^ —1 (mod n), output composite. 

(b) If k > (1/2) logn, output prime. 

2. Verify n is not a perfect power. 

If n = d e for some positive integers d and e with e > 1, output composite. 
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3. Generate a set S of cardinality 2 max ( s fc ’°) 
m = l,S = {l},S' = {l}. 

While (|5| < 2 max ( s_fc ’°)){ 

While (to 2 * (mod n) € S'){ 
m <— m + 1 

}• 

If m > |<S|2 fc + 1, output composite. 

If (■ m,n ) > 1, output composite. 

If (mf k — s',n) > 1 for some s' € S', output composite. 

s SUW. 

5' <— «S' (J {to 2 * (mod n)} 

}• 

For all m £ S. 

If (1 + mx) n ^ (1 + mar”) mod (n, ar 2 ° — a), output composite. 

Output prime. 

Theorem 3.1 The algorithm above returns prime if and only if n is prime (as long as n> 100,). 

Theorem 3.2 The running time of the algorithm is 0(2 -mm ( s,fc )(logn) 6 ). Note that this is 0((logn) 6 ) if 
k = 2 and is 0((logn) 4 ) if k> s. 

The rest of this section is devoted to the proof of these theorems. We do this in a similar way as is done 
in [3], through the proofs of a series of lemmas. 

Lemma 3.1 If n is prime (n > 100), the algorithm returns prime. 

Proof 

Step (la) of the algorithm can not return composite because of property 2 of the Legendre symbol. 

Step (2) can not return composite because n is not a perfect power. 

Next we show Step (3) does not return composite. First note that if k > s then the algorithm does not 
enter the first while loop, hence Step (3) cannot return composite in this case. So we may assume k < s. In 
this case the algorithm generates the set S, that is, a sequence of integers to, with i = 1, ...,2 s ~ k . toi = 1. 
Since n is prime, the number of solutions of a: 2 =1 in F n is at most 2 k (in fact it is exactly 2 k since the 
distinct powers of A are solutions of this equation). It follows that m -2 < 2 k + 1. Inductively, using this 
same reasoning we deduce that m* < (t — l)2 fc + 1. Note that t — 1 is the cardinality of the set S at that 
stage of the algorithm. It follows that under the assumption that n is prime, to > |5|2 fc + 1 cannot occur. 
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It also follows that each m* < ( 2 s ~ k — l)2 fc + 1 < 2 s < 2(logn) 2 < n (this last inequality certainly occurs 
if n > 100). Hence, in the algorithm (to, n) > 1 cannot occur. Finally, since m| ^ m 2 (mod n) for all 
j < i, then (m 2 — s', n ) > 1 cannot occur. This concludes the analysis for Step (3). 

Since (1 + mx) n = 1 + mx n (mod n) then (1 + mx) n = 1 + mx n (mod (n, x 2 " — a)), so Step (4) does not 
return composite. □ 


We assume from now on that the output of the algorithm is prime. 

Lemma 3.2 Suppose that the algorithm has passed step (la), that is, it has verified A 2 = —1 (vwd n). 
Then, we have 

1. v 2 (d — 1) > k for all divisors of n. 

2. There is a prime divisor p of m for which u 2 (p — 1) = k. For such prime p, (|) = —1. 

Proof 

1. It is enough to prove it for prime divisors d of n. The hypothesis implies A 2 = — 1 (mod d), whence 
ordrf(H) = 2 fc , so v 2 (d — 1) > k. 

2. If every prime divisor q of n were to satisfy v 2 (q — 1) > k, then so would the product, that is, n. Let 
p a prime divisor of n satisfying v 2 (p — 1) = k = ^{n — 1). Let t = Note that t is odd. Hence 

(—) = A 2 ^ 1 = (A t ) 2k ~ 1 = (-1)* = -1 (mod p). 

P 

n -1 

Since A = a”^ and is odd, then we get the result. □ 

Lemma 3.3 If the algorithm output prime at Step (lb) then n is prime. 

Proof 

This follows Proth’s Theorem [13]. Let us recall its statement: if v 2 {n — 1) > (1/2) logn and (^) = —1, then 
n is prime if and only if a~~ = — 1 (mod n). □ 


Now we assume n has passed Step (lb) (so k < 1/2logn). We let p be a prime divisor of n satisfying 
v 2 (p— 1 ) = k = v 2 (n— 1). Since (|) = —1, then by Proposition 2.2, the polynomial x 2 —a is irreducible over 
F p . Let 6 be a root of the polynomial in an algebraic closure C of F p , let K = F p (6 ) and K* its multiplicative 
group. Every a £ K* is a = f(9) for some (unique) non-zero polynomial f(x) € F p [x\ of degree t < 2 s . 
Let m be an integer. We denote by r m the multiplicative homomorphism of K* consisting in raising to the 
?n-th power. We denote by a m the linear map of K defined by a m (a) = f(9 m ), where f(x) is the unique 
polynomial mentioned above. 

Lemma 3.4 For an integer m the following are equivalent: 



1. 9 m is a root ofivrg(x) — x 2 —a. 

2. a m = a (in F p ). 

3. a m (h{9)) = h(9 m ) for all h(x) € F p [x]. 

4■ am e Gal(K/F p ). 

Proof 

That (1) implies (2) is clear since ( 9 m ) 2S = a m . To see that (2) implies (3) write h(x) = f(x)+(x 2a — a)p(x) 
where f{x) has degree less than 2 s . By definition of a m we have 

a m (h(0)) = f(9 m ) = h(9 m ) - ( a m - a)p{9 m ) = h(6 m ). 

To prove that (3) implies (4) note that since a m is clearly a linear map over F p we only have to prove it 
is multiplicative, and this is trivial. Finally, (4) implies (1) is also evident: just note that a m (0) = 9 m is a 
conjugate of 9 over F p . hence, it must be a root of irrg(x). 

□ 

In particular, since a n = a (mod n), this lemma implies that a n € Gal(K/F p ), so it must be a power of 
the Frobenius automorphism a p = a p i. The idea will be to show that, under certain conditions that are met 
if the algorithm outputs prime in its last step, this implies that n = p l . We still need quite a few observations 
before reaching that conclusion. 

Write n = p l d. Then, from a n = a and a pl = a it is easy to deduce that a d = a. So ad is also an 
automorphism. Moreover, so is a^pj for all i.j > 0. More generally if mi and m 2 satisfy the equivalent 
conditions of the previous lemma then so does mim 2 and it is also easy to verify that <r miTO2 = a mi o a m2 . 
Similarly, if mi and mim .2 satisfy these conditions, then so does m 2 . On the other hand, if in satisfies 
any of the equivalent conditions of the previous lemma then the product cr m r_ m is also a multiplicative 
homomorphism of K* since it is a product of homomorphisms. It follows that 

G m = Ker a m r- m = {/(0) € K*\f(6 m ) = f(9) m } 

is a subgroup of K*, hence cyclic generated by, say, g m {9)- We now study the properties of these cyclic 
groups. 

Lemma 3.5 Suppose mi and m 2 satisfy any of the equivalent conditions of lemma 3-4, then: 

1. For all i > 0, G p = K*. 

2 . G m 1 n G m2 F G m 17712 - 

3- | G mi | divides 1 * In pavticulciT ( 777-^5 jG’TTT.jj) — 1 * 
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4 - ^mim2 


F Gmi F G m2 . 

Proof 

1. That Gi = K* is trivial. Let a € K* then er p i(a) = a p (a) = a p ', since a p is the Frobenious 
automorphism. 

2. Let a € G mi fl G m2 . Then, er mi (a) = a mi and <r m2 (a) = a m2 . It follows that 

u mim 2 (a) = cr mi (a m2 (a)) = a mi (a m2 ) = ( a mi (a)) m2 = (a ™ 1 )™ 2 = a 1 " 1 ™ 2 . 

This implies a £ G mim2 . 

3. Let a be a generator of G mi . By part 2 of this lemma a belongs to G m 2 *. On the other hand, since 

<j mi is an automorphism of K then tr^. = identity. So a 1 ™* = cr m 2 * (a) = cr^.(a) = id(a) = a. So 

2 s s 

a m i -i = i Hence |G m J = ord(a) divides mf — 1. In particular (m,, |G m J) = 1. 

4. Let o € G mim .2 O Gmi • Then 

(a m2 ) mi = a™ = a m > mi (a)) = a m 2 (a mi ) = (a m 2 (a)) roi 

so (a 1 ™ 2 ) 1 ™ 1 = (cr m2 (a)) 1 ™ 1 . By the previous item of this lemma there is an integer t such that tm\ = 1 
(mod |G mi |). Raising to this t we obtain (a 1 " 2 ) 1 ™ 1 * = (tr m 2 (a)) mit . Note that a m2 (a) has the same 
order than a. Hence a 1712 = a m2 (a). □ 

Write n = p l d where d is coprime with p. We use the previous lemma to obtain the following result. 

Corollary 3.1 For all i,j > 1, G n C G p iG d j. 

Proof 

Gn G dp i G dp i O G p i tz G d F G d i G d i O G p j tz G d i p j . Fl 

Corollary 3.2 (Analogous to Lemma 4-6 in [3]). If mi and m 2 satisfy any of the equivalent conditions of 
lemma 3.4 , then <r mi = a m2 implies |G mi fl G m2 | divides m\ — m 2 - 

Proof 

Let a € G mi fl G m2 . Then a mi = tr mi (a) = a m2 (a) = a™ 2 , thus a mi ~ m2 = 1. Since, G mi fl G m2 is a 
cyclic group, then |G mi fl G m2 | divides mi — m 2 . □ 


The following lemma is very important because it shows how to obtain 2 mm l fc,s ) monomials in G n from 
one iteration in Step 4 of the algorithm. This is the reason why the complexity of the algorithm improves 
as k grows. 
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Lemma 3.6 1. Suppose k < s. If for some integer m, we have (1 + mO) £ G n , then (1 +mA l 6) £ G m 

for i = 1,2 ,..., 2 k . 

2. Suppose k > s. Let B = A 2 . If (1 + 9) £ G n , then (1 + B l 9) £ G n for i — 1,2, 2 s . 

Proof 

1. Recall G n is a group, so (1 + m9) £ G n implies (1 +m.9) p = (1 + m9 p ) £ G n . The elements 9 P are the 
Galois conjugates of 9 in F p [9]. Since 0 2 ° = A, then the conjugates are of the form 9<f, where Cf 2 ” = 1. 
Since k < s every A 1 satisfies (A 1 ) 2 * = 1. So the A 1 are among the possible values for (. In particular, 
(1 + mA l 9) £ G n . 

2. Same as in (1) by noting that B is a primitive 2 s -th root of 1 in F p □ 

Lemma 3.7 If the algorithm ouputs prime at Step f, then \G n \ > 2 2 . 

Proof 

Assume first that k < s. Again we denote by m*, with i = 1,..., 2 s ~ k , the sequence of elements of the set 
S generated by the algorithm in Step (3). We claim that for i = 1,2,..., 2 s ~ k and j = 1,..., 2 k are 

all different and non-zero in F p . To see this recall that A has order 2 k in F p . Hence A- 7 is non zero in F p for 
all j and they are all different for j = 1,..., 2 k . The algorithm verifies (?n,;, n) = 1. Hence, the ?77 .,;A j are 
all non zero in F p . Assume ?n,;A J = m^Ai in F p . Raising to the 2 fe th power we get to 2 = m 2 in F pi but 
since the algorithm verified that m 2 — rn 2 , is coprime with n, then we must have i = i' whence we deduce 
that j = j'. So we have 2 s different non-zero elements of F p . Denote them by t r for r = 1,... ,2 s . The 
algorithm verifies that (1 + mrf) £ G„ for each i = 1,2,..., 2 s ~ k . It follows from the previous lemma that 
(1 + t r 9) € G n for r = 1,2,..., 2 s . 

If, on the other hand, k > s, then the algorithm verifies that (1 + 0) G G n , and, again, using the previous 
lemma, we get (1 + B r 9) £ G n for r = 1, 2,..., 2 s . So in both cases we obtain 2 s different monomials in G n . 
To simplify we always denote these (1 + t r 9) £ G n for r = 1,2,... ,2 s . Since G n is a group it contains the 
set T defined as 


r = < Yla + uer I + e z+, < 2 s 

V r—1 

Every element of T is of the form f(9) for some /( x) of degree less than 2 s . Since all t r are different in 
F p then the polynomials f(x) corresponding to different choices of e,; are different in F p [a;]. Since the degrees 
are less than 2 s , then the corresponding elements of S are different. 

T contains properly the set 

( 2 s __ 

F\ = < (1 + t r 9) Cr | e r £ {0,1}, e r < 2 s 

V r=l 
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with cardinality 2 2 ' — 1. Hence, T has at least 2 2 \ Therefore |G„| > 2 2 \ 


□ 


We are now ready to complete the proof of Theorem 3.1. 

Proof of Theorem 3.1 

It remains to prove that if the algorithm outputs prime in the last step, then n is prime. Assume n has 
more than one prime divisor. Hence, n = p l d where (d,p) = 1 and d > 1. We know that cr p i d j £ Gal(K / F p ) 
for all i,j > 0. Since Gal{K / F p ) has order 2 s it follows from the pigeon hole principle that there exist two 
different pairs and with 0 < *i,Ji,* 2 ?J 2 < W^\ such that a p i ld j 1 = a p i 2 d j 2 . It follows from 

Corollary 3.2 that 


\G p ii d ji CiG p i 2d j 2 1 divides p Zl d jl -p l2 d 22 . 

Hence, from Corollary3.1 we obtain 

\G n \ divides p lx d? x — p l2 d? 2 . 

Note that p n d- 71 — p l2 d^ 2 < Also note that from s = [2 log log n] one can easily deduce that 

2 2 “ > nV 2 *. It follows from Lemma 3.7 that \G n \ > So we obtain p n d = p l2 d? 2 . But this is not 

possible because p and d are coprime and («i, ji) ^ { 12 ^ 2 )- Hence d = 1. So, n = p l . Since n passed Step 2 
of the algorithm (n is not a perfect power) we conclude l = 1, so n = p □ 

Analysis of Complexity. Proof of Theorem 3.2 

Step 1 involves the calculation of a~~ (mod n) which takes G((logn) 2 ) time using the fast Fourier 
transform. 

Step 2, as in [3] takes 0((log?r) 3 ). 

Step 3. If k > s the algorithm does not enter the while loop, so in this case this step has no cost. 
When k < s, every integer m that the algorithm deals with is less than 2 s . For each of these integers m, 
it computes to 2 (mod n). It follows that the algorithm calculates to 2 for at most 2 s different values of 
in (in practice much less than this). This involves k2 s < s2 s modular multiplications (multiplications mod 
n). Using the fast Fourier transform these computations take at most G((logn) 3 ). On the other hand, the 
algorithm in this Step computes less than 2 2 ( s-fe ) gcd’s. This takes 2 2 ( s-fc )0((log n)) = 2 _2fc O((logn) 5 ) time. 

Step 4: This is the part of the computation that will determine the complexity of the algorithm. It 
involves 2 max ( s-fe >°l iterations, where by iteration we mean the computation of (1 + rriix) n mod (n, x 2 — a). 
Using fast exponentiation each iteration takes at most 21ogn multiplications in the field K. Using the fast 
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Fourier transform each of these involves 0(2 s s) modular multiplications, and likewise each of these takes 
O(logn) time. We must add that the reduction modulo x 1 “ — a is necessary after multiplications of elements 
in K, but these are done with 2 s modular multiplications, which does not affect complexity. So each iteration 
takes 0((log?i) 4 ). Hence this step takes 

2 max( s -fc,o) o((i 0 gn) 4 ) = 2 - min(s ’ fe) 0 ((logn) 6 ), 


and so does the algorithm. □ 

4 Algorithm for n = — 1 (mod 4) 

Throughout this section we assume that n = —1 (mod 4), and k = z/ 2 ( n + 1). In particular k > 2. We 
assume that an integer a is given such that (-) = (—-) = — 1. Note for example that if n = h2 k — 1 and 
h ^ 0 (mod 3) then n is either a multiple of 3 or (-|) = (-1=2) = —1. This is easily deduced from the 
quadratic reciprocity law. It follows that the algorithm presented in this section is deterministic for numbers 
of that form. Further we let t = [2 log log n] + 1, noting that t = s + 1. Hence 2 (logn ) 2 < 2* < 4 (logn) 2 . 
We now describe the proposed Algorithm. 


Algorithm 2 

Input n, a: n = -1 (mod A), (^) = (±^) = -1. 

Compute k = V 2 {n+ 1), t, = [2 log logn] + 1. 

1. Verify properties of the Legendre Symbol, the Frobenius automorphism and Lucas-type Theorem. 

(a) If a 11 ? 1 ^ — 1 (mod ?z), output composite. 

(b) If (1 + VI — a)” ^ 1 — \Jl — a (mod n) output composite. 

(c) If k > 1/2 logn output prime. 

2. Verify n is not a perfect power. 

If n = d e for some positive integer e, output composite. 

3. Finding a sequence of to/ s. 

For to = 1 to 2 max ( t-fc ’°) 

If(m,n) > 1, output composite. 

4- Finding elements in G n . 

For to = 1 to 2 max ( t-fc-1 ’°) 
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If (1 + mx) n ^ (1 + mx n ) (mod n, x 2 * +1 — 2x 2 * + a) output composite. 

output prime 

Theorem 4.1 The algorithm above returns prime if and only if n is prime (assuming n > 25). 

Theorem 4.2 The running time of the algorithm is 0(2 -mm ( s,fe )(logn) 6 ). 

The proofs of these results are analogous to the theorems in the previous section. However, in many 
occasions, the analogy is not immediate. In these cases, we will go over the necessary lemmas and give 
detailed proofs. 

Lemma 4.1 If n is prime, the algorithm returns prime. 

Proof 

Step 1 cannot output composite: in the first place because of the properties of the Legendre Symbol, and 
secondly because of the properties of the Frobenius automorphism. The rest proceeds as in the case n = 1 
(mod 4), except that in Step 3 we only need n > 25 to make sure that 2 max ( t-fc ’°) < n. □ 

We assume now that the output of the algorithm is prime. 

Lemma 4.2 Let n, a, 1 — a as in the input of the algorithm, and k 
(mod n) and that (1 + VI — a) n = 1 — y/1 — a (mod n). Then, 

1. Every prime divisor q of n satisfies either 

(a) q = 1 (mod 2 k+1 ) or 

(b) q=-1 (mod 2 k ) 

It satisfies (a) if and only if (i^ 2 ) = ( 2 ) = 1. 

It satisfies (b) if and only if (i^ 2 ) = ( 2 ) = —1. 

2. There exists a prime divisor p of n such that ^(p+l) = ^(n + l) 

Proof 

1. Let q be a prime divisor of n. We first note that (-) = 1 if and only if q = 1 (mod 4). Recall is 
odd. Hence (f) = (f)^ = (f) = (-1)^. 

n 2_ 1 

Next we show that (1 + \/l — a)^~ = —1 (mod n). This is true since 

(1 + x /1 — a)^~ = ((1 + vT = ((1 — Vl — a)(l + y/1 — a))^~ = a~^~ = —1 (mod n). 

Now suppose (i^ 2 ) = 1. Then, F q (y/ 1 — a) = F q . Since (1 + \/l — a)^~ = — 1 (mod n) then 
n 2_ 1 

(1 + VI ~ a)^~ = —1 in F q . But ^(n + 1) = k implies ^(n 2 — 1) = k + 1. So the element 


= V 2 (n + 1). Suppose a 2 = —1 


= k. For such p, (^) = (|)=-1- 
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r% z — l 

(1 + \/l — a) i k+1 has order 2 k+1 in F q so q = 1 (mod 2 k+1 ). In particular, (|) = 1 by our first 
remark. 

rt 2_ 1 

Suppose now that (i^) = — 1. Then F q (y /1 — a) = F has q 2 elements. Again, (1 + Vl — a)^~ = —1 
in F, so 


_ rt + l 

{i + VT^a)^ = ((i + v / r^r- 1 )^ = 

Note that in F ? (V1 — a), the element (3 = (= (1 + VI — a ) 9-1 lies in the unique subgroup of 

n + 1 , , 

F* of order q + 1 . has order 2 k so q = — 1 (mod 2 k ). Also, (|) = —1 by our first remark. 



2. Since (L- 2 ) = — 1 then there must be a prime divisor of n such that (A-S.) = — 1. So q = — 1 (mod 2 k ). 
If all primes satisfying (= —1 satisfy q = — 1 (mod 2 fe+1 ), then by part 1, n would satisfy n = ±1 
(mod 2 fc+1 ). But, v 2 (n + 1) = k implies this is not possible. So there is p/n such that ^(p + 1 ) = k. 
For such p 1 which is congruent to —1 (mod 4), we must have (^) = — 1. Hence, we also must have 
(i^) = —1 since we just proved that (-^) = 1 implies (|) = 1 □ 


Corollary 4.1 If the algorithm outputs prime in Step lc, then n is prime. 


Proof 

This is a small variation of the statement of a Lucas-type theorem. In any case, it is deduced easily from 
the previous lemma by noting that k > 1/2 log n is the same as 2 k > -^/n, so the possible prime divisors are 
too large. □ 


Assume now that n passed Step 1 of the algorithm and let p the prime divisor of n for which ^(p+l) = k. 
We let F = F P (V 1 — a) and K = F p {9) where 6 is a root of the polynomial x 2t+1 — 2x 2 * + a = irr^a;) which 
is irreducible by Proposition 2.2. We also note that K = F(8) and 6 is a root of x 2 * — (1 + y/1 — a) or 
x 2 — (1 — Vl — a), which are both irreducible over F. For simplicity we will assume 9 is a root of the first 
of these two polynomials. The roots of the other one are also roots of irr@(a;). Let a m defined as in the 
previous section by cr m (f(8)) = f{9 m ) when deg f(x) < 2 s . We need this lemma: 

Lemma 4.3 For an integer m the following are equivalent: 

1. 9 m is a root of irr^(x) = x 2 + — 2a; 2 + a. 

2. (1 + y/T^ r a) m = 1 ± VT — in F. 

3. a m {h{9)) = h(9 m ) for all h{x) € F p [x\. 

4- a m G Gal(K/F p ). 
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We skip the proof as it is quite similar to that of lemma 3.4 of previous section. 


When a m is an automorphism we let 

G m = {a€ K : a m (a) = a m }. 

Then G m is a cyclic subgroup of K*. Now write n = p l d, where p and d are coprime. As in the previous 
section, we can use the above lemma to show that a d i p j € Gal(K/F p ) for all i,j > 0. Moreover we carry 
over Lemma 3.5, Corollary 3.1 and Corollary 3.2 in the new environment. 

Let 

__ n 2 -l 

a = (1 + v/1 — a ) 2fc+1 • 

We have the following lemma analogous to Lemma 3.6. 

Lemma 4.4 Let (3 = a 2 max(fc+1 t 0) _ If (\ + m0) G G n for some m ^ 0 in F p , then (1 + mftd ) G G„ for 
i = 1 2 min ( k+1 ’ t ) 

Proof 

Proceed as in Lemma 3.7, since the conjugates of 9 over the field F are of the form 9( where £ 2 * = 1. 
The powers of /3 are among the latter. □ 

Next we estimate the size of G n . 

Lemma 4.5 If the algorithm outputs prime in the last step then \G n \ > 2 2 . 

Proof 

The algorithm verifies that every integer less than 2 max ( t_fc ’°) is coprime with n, hence they are all dif¬ 
ferent and non-zero in F p . Let 7 ^ = mift for i = 1,2,..., 2 max ( t_fc_1 ’°) and j = 1,2,..., 2 min ( fe+1 ’ t )_ There 
are 2* 'yfts. We claim they are all different and non-zero in F. Suppose mift = my ft . Then tna. - ft ~i _ 
Since the only powers of j3 G F p are 2 mm ( fc+1 > t ) and 2 min ( fe ’* -1 ^ (the other powers of f3 are in F — F p we get: 
either ft = ft , in which case to, = my leading to i = i' , or ft ~ J = —1, in which case m, = —my. But 
then we have to, + my = 0 in F p . Since to, + my < 2 max P _fe >°f and the algorithm verified in Step 3 that 
these were coprime with n we get our claim. Next, since the algorithm verified that (1 + mft) G G n for each 
i, it follows from the previous lemma that each of the (1 + Jij9) G G n . Therefore G n contains 2 t different 
monomials over F, and, as in the previous Section, we get the result. □ 

Proof of Theorem 4.1 

Again this proceeds along the lines of the proof of Theorem 3.1. The only difference is that now Gal{K / F p ) 
has order 2 t+1 and G n has at least 2 2 elements. The fact that 2 2 > n^ 2t+1 is easily derived from 2 2 > nft 2 *, 
keeping in mind that t = s + 1. □ 
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Remark 4.1 Note that if b,c are given integers such that ( b j~ c ) = —1 then a = ( be~ 1 ) 2 + 1 satisfies 
(«) = = — 1. This is easy to verify noting that (-£) = —1 since n = — 1 (mod 4). Alternatively, 

one could replace the polynomial in the algorithm by the polynomial x 2 + — 2bx 2 + ( b 2 + c 2 ), which is also 
irreducible in F p under the assumption (b 2 + c 2 )t~ = —1 (mod n) and (x + iy) n = (x — iy) (mod n). 


Remark 4.2 We note that the same polynomial used in the algorithm of this Section could have been used 
in the algorithm of the previous section, that is, for numbers n = 1 (mod 4), with no additional hypothesis 
on a. To see this, notice that if (^) = —1 and (—-) = 1 then (^-) = —1 and 

1 ~ = -a) ^ = ^ = 

n n n 

So the pair a,\ — a is achieved at most at the cost of computing a -1 . Hence, by Proposition 2.2 the polynomial 
x 2 + — 2x 2 — a is irreducible. However the algorithm we presented for numbers n = 1 (mod 4) runs about 
four times faster than the other one. This is so, even though the number of iterations performed by both 
algorithms is the same, since the degree of the polynomial used in this Section is four times the degree of the 
polynomial used in the previous one. 


Analysis of Complexity: Proof of Theorem 4.2 

The proof is similar to the proof of Theorem 3.2. We note that the cost of Step (3) is 0((logn) 3 ), 
which is less than the cost of Step (3) of the Algorithm in the previous section, because the number of ged’s 
computed is much less in this algorithm. However, that does not improve complexity of the algorithm since 
it is Step (4) the Step that determines its complexity. In the previous remark we compared the speed of 
the two algorithms given in this paper. This comparison cannot be deduced from the notation used in the 
statement of the theorem, which is standard notation. □ 

5 Weakly Conditioned and Unconditioned tests 

5.1 The case n = 1 (mod 4) 

Let n = 1 (mod 4). Let k = p 2 (n — 1), so k > 2. This time we assume integers a and u are given, 
1 < u < k such that a^~ = — 1 (mod n). Note that u = 1 is the case we dealt with in Section 3. At the 
other end, when u = k there is always such an a, namely a = —1. Hence we will refer to the case u = k as 
the unconditional case. We will produce a deterministic primality test for all such numbers. The complexity 
of the primality test we will give will depend also on u. The optimal performance occurs when u = 1 and 
the worst case is u = k. 

We note that if n = h2 k + l is prime, and h ^ 0 (mod 5) then either 5“ 2 “ = —1 (mod n) or 5^^ = —1 
(mod n) or n is a multiple of 5. This can be deduced from the law of biquadratic reciprocity. This fact 
was used in [ 6 ] to produce a deterministic primality test for numbers of that form provided k > 1/2 log n. 
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Combining this observation with the one made at the beginning of Section 3. We deduce that every number 
of the form n = h2 k + 1, h 0 (mod 15) is either a multiple of 3 or 5 or can be tested using a = 3 or a = 5 
and u = 1 or u = 2. 

Again we let s = [2 log log n]. We now present the algorithm in the form of a theorem. 

Theorem 5.1 Letn = 1 (mod 4). Let k = 1 / 2 ( 71 — 1). Let s = [2 log log n]. Let a and u integers, 1 < u < k 
and such that = —1 (mod n). Let S be a set of integers, |«S| = 2 max ( s-fc+2 (“~ 1 b°) such that for any 
pair m, m' of different elements of S, (m 2 + — m' 2 + , n) = 1 and such that every element of S is 
coprime with m. Suppose also that for every m G S we have (1 + mx) n = (1 + mx n ) mod (n,x 2 + ( ) — a) 
and that n is not a perfect power. Then, n is prime. 

Proof (Sketch) 

Let r = s + u — 1. Let f(x) = x 2 + 1 — a = x 2 + — a. We enumerate some facts without a proof 

that can be deduced as in Section 3. 

1. The equation a~^”~ = — 1 (mod n) implies that every prime divisor q of n satisfies 1 / 2 (q—1) > k — u + 1. 

2. There is a prime p dividing n such that 1 ^ 2 (P — 1) < fc. 

Let p be such a prime and 9 a root of f[x) in an algebraic closure of F p . 

3. 2 r < [K : F p ] < 2 r+u ~ 1 

4. a n G Gal ( K/F p ). G n is a cyclic subgroup of K*. 

Suppose n = p l d. 

5. a d G Gal ( K/F p ). G n C G p i d j for all i,j > 0. 

6 . There are integers such that 0 < ii,ji,t 2 ,j 2 < y / 2 n+u ~ 1 , (ii,ji) ^ (* 2 ,^ 2 ) and such that 

<T p i idi 1 = <J p*2dJ2 

7. \G n \/p h dF — p i2 d-l 2 . 

8 . From the fact 2 2 > n it is easily deduced that for all v > 0, 2 2 ° +t > n^ 2 “ +2v . In particular, 
2 2 r > n V * W . 

9. From the fact (1 + md) G G n for all m £ S we deduce as in Section 3 that G n contains 2 r different 
monomials over F p . Hence, \G n \ > 2 2 . 

10. From items 6, 7, 8, 9 can be deduced that d = 1 so n = p l . 

11. Since n is not a non trivial perfect power n = p. □ 

Corollary 5.1 If n,k,a,u are as in the previous theorem then the primality of n can be determined in 

2 2(«—l) 2 max( S+ 2(«—1)—GO)0(( logn )4) Ume 
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Proof 

As in the analysis of complexity of the previous sections. □ 

To be more precise about this result let A u the algorithm associated to Theorem 5.1 and C(A U ) its 
complexity. Corollary 5.1 implies that C(A U ) « 2 4 G~U(j(Ai) if k < 2 s and C(A U ) « 2 2 ^ u ~ 1 ^C(Ai) if 
k > 2 s+2 ( tl_1 ). 

Even more precise, C(A U ) « 2 4 ( u ~ 1 '>2~ 

Note also that in the unconditioned case (u = k ) the complexity is 2 4 ( fc- 1 )0((logn) 6 ) which is polynomial 
time only for values of k not too large. 


5.2 The case n = — 1 (mod 4) 

Similarly when n = — 1 (mod 4) we have the following theorems, that we state without proof since the 
details are very similar to the previous results. 

Theorem 5.2 Let n = — 1 (mod 4). Let k = v%{n + 1). Let s = [21oglog?r] and t = s + 1. Let a € Z[i) 

r\P“ — 1 

and u a positive integer, 1 < u < k + 1 and such that a~^~ = — 1 (mod n). Suppose that every positive 
integer less or equal than 2 max ( s-fe + 2 (“~ 1 )>°)+ 1 is coprime with n. 

Suppose also that for every m < 2 max ( s_fc + 2 ( M ~ 1 bo) we have (1 +mx) n = (1 + mx n ) mod (n,x 2 + —a) 

and that n is not a perfect power. Then, n is prime. 


Corollary 5.2 If n,k,a,u are as in the previous theorem then the primality of n can be determined in 
22 u 2 max(s+ 2 (M—l)—fc,o)( 3 ((i 0 g n ) 4 ) time. In other words, if we call these tests B u , then C(B U ) « 4 C(A U ). 


Remark 5.1 In each of the Theorems 3.1, 3.2, f.l, f.2, 5.1, 5.2, and Corollaries 5.1, 5.2, we claim that s 
can be replaced by [2 log log n] (and t by [2 log log n] + 1). In fact, s can be replaced by the minimum positive 
integer s such that \G n \ > n 2 1 . That s < [2 log log n] was achieved using the fact that G n contains properly 
the set T\ whose cardinality is 2 2 — 1. But actually G n contains the larger set T whose cardinality is the 
combinatorial number 


2 S+1 - 1 


1 / 2 S+1 


— 4—3 


Using Stirling's formula with error, see for instance [9], it is easy to prove that \G n \ > 2 2 

The smallest integer for which 2 2 + > n 2 1 is the smallest integer for which 2 ^ +1 > logn + s/2 + 3. 

Since we know s/2 < [loglogn] then s is at most the smallest value for which 


s/2 + 1 > log(logn + [loglogn] + 3). 


(1) 


It follows that s = [2 log log n] or maybe even [2 log log n] — 1. 

The algorithm should start by verifying which of the values satisfies (1) since each reduction in the value 
of s in one unit improves around four times the speed of the algorithm. 
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6 Conclusions and Conjecture 


In practice, it is clearly desirable to apply algorithm 1 of Section 3 or algorithm 2 of Section 4 when possible. 
In the worst case V 2 (n — 1) = k = 2), algorithm 1 runs at least 2 11 times faster than the best possible running 
time of the AKS algorithm for primes n large enough. Hence, the worst case of algorithm 2 runs 2 9 times 
faster than the best possible case of AKS. This occurs because the main step of Algorithm 1 executes at 
most 2 s-2 < ( ' los 4 ”' > iterations, each of which consist in multiplying polynomials of degree at most (log?r) 2 . 
In contrast, in the best possible case AKS executes 8(logn) 2 multiplications of polynomials of degree at least 
64(log?r) 2 . When k is large the difference in the performance improves dramatically. 

For implementation, if no integer a satisfying (—) = —1 is known a priori, then a search for such an a 
within a reasonable range should be implemented. In addition, if this fails to produce such an a, then a 
search for a small value of u would be useful. 

It is to be remarked that when the value of k is small, the running time for these tests is still large. 
This indicates that it may be reasonable to develop analogous tests for numbers n with large — 1) for 

reasonably small /. 

Note that if k > ^ log?r then the algorithms 1 and 2 run in O(logn) 2 time. Also, while k increases from 
2 to [21oglog?r] the running time improves up to 0(log?r) 4 . But when k varies from [21oglogn] to [|logn] 
there is no more improvement in the speed of our algorithm. Here we believe one should attempt to sharpen 
the algorithms because the order of the group G n can be proven to increase together with k, in such a way 
that it forces s, the smallest solution of \G n \ > n 2 ^ 2 , to decrease. To be precise we formulate the following 
conjecture, which we hope to prove in the near future. 

Conjecture. Algorithm 1 and 2 can be modified in such a way that while k increases from 2 to (l/2)log?i 
the complexity of both algorithms decreases from O(\ogn) 6 to 0(log?r) 2 . 
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